Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability (CVE-2024-7593)

Ivanti released an advisory to address a critical severity vulnerability impacting Ivanti Virtual Traffic Manager. Tracked as CVE-2024-7593, the vulnerability has a CVSS score of 9.8. A remote, unauthenticated attacker may bypass authentication and create administrative users on successful exploitation. The vulnerability originates from an incorrect implementation of an authentication algorithm. Ivanti mentioned in the …

Progress MOVEit Transfer Authentication Bypass Vulnerability (CVE-2024-5806)

Progress Software has released patches to address a critical severity vulnerability impacting MOVEit File Transfer. Tracked as CVE-2024-5806, the vulnerability has a CVSS score of 9.1. It is an improper authentication vulnerability in the SFTP module of MOVEit Transfer. Successful exploitation of the vulnerability may lead to an authentication bypass.

Fortra Tripwire Enterprise Authentication Bypass Vulnerability (CVE-2024-4332)

Fortra released a security advisory to address a vulnerability impacting Tripwire Enterprise. Tracked as CVE-2024-4332, the vulnerability has been given a critical severity rating with a CVSS score of 9.8. Successful exploitation of the vulnerability could allow remote attackers to gain privileged access to the APIs.

Progress Telerik Report Server Authentication Bypass Vulnerability (CVE-2024-4358)

A security researcher at Trend Micro Zero Day Initiative discovered a vulnerability in the Progress Telerik Report Server. CVE-2024-4358 is a critical severity vulnerability allowing an unauthenticated, remote attacker to bypass security restrictions and gain access to restricted Telerik Report Server functionality.

Veeam Backup and Replication Authentication Bypass Vulnerability (CVE-2024-29849)

Veeam released a security advisory to address four vulnerabilities of different severity ratings. All the vulnerabilities impact Veeam Backup and Replication. One of the four vulnerabilities, CVE-2024-29849, is rated as critical with a CVSS score of 9.8. Successful exploitation of the vulnerability may allow an unauthenticated attacker to log in to the Veeam Backup Enterprise …

Ivanti Connect Secure and Ivanti Policy Secure XML External Entity (XXE) Vulnerability (CVE-2024-22024)

Ivanti has warned users to patch an XML external entity vulnerability impacting Connect Secure, Policy Secure, and ZTA gateways. CVE-2024-22024 may allow an attacker to access certain restricted resources without authentication. Ivanti has mentioned in the advisory, “We have no evidence of this vulnerability being exploited in the wild as it was found during our internal review …

GoAnywhere Managed File Transfer (MFT) Authentication Bypass Vulnerability (CVE-2024-0204)

Security researchers at Spark Engineering Consultants have discovered an authentication bypass vulnerability in GoAnywhere Managed File Transfer. Tracked as CVE-2024-0204, the vulnerability has a critical severity and a CVSS score of 9.8. The vulnerability allows an unauthorized user to create an admin user via the administration portal.